Added login endpoint, implemented authentication function, and created /users/me endpoint requiring authorization.

Author: aquie00tt

nodemon.json

@@ -1,11 +1,11 @@
 {
-    "watch": ["src"],
-    "ext": "ts",
-    "ignore": ["node_modules", "dist", "tests"],
-    "exec": "ts-node ./src/index.ts",
-    "env": {
-        "NODE_ENV": "development"
-    },
-    "delay": 1000,
-    "verbose": true
-}
+	"watch": ["src"],
+	"ext": "ts",
+	"ignore": ["node_modules", "dist", "tests"],
+	"exec": "ts-node --files ./src/index.ts",
+	"env": {
+		"NODE_ENV": "development"
+	},
+	"delay": 1000,
+	"verbose": true
+}

src/app.ts

@@ -48,9 +48,12 @@ app.use(express.urlencoded({ extended: true }));
  */
 app.use(
 	morgan(
-		configuration.NODE_ENV === "development"
-			? "dev"
-			: "combined",
+		configuration.NODE_ENV === "production"
+			? "combined"
+			: "dev",
+		{
+			skip: () => configuration.NODE_ENV === "test",
+		},
 	),
 );
 

src/controllers/UserController.ts

@@ -1,3 +1,4 @@
+import mongoose from "mongoose";
 import UserModel, {
 	IUserDocument,
 } from "../database/models/UserModel"; // Import the user model and IUserDocument interface
@@ -55,4 +56,18 @@ export default class UserController {
 		// Return true if a document was deleted, otherwise return false
 		return result.deletedCount > 0;
 	}
+
+	public static async findUserById(
+		id: mongoose.Types.ObjectId,
+	): Promise<Omit<IUserDocument, "password"> | null> {
+		const user = await UserModel.findOne<IUserDocument>({
+			$or: [
+				{
+					_id: id,
+				},
+			],
+		}).select("-password");
+
+		return user;
+	}
 }

src/errors/ForbiddenError.ts

@@ -0,0 +1,20 @@
+import BaseError from "./BaseError";
+
+/**
+ * Class representing a ForbiddenError.
+ * This error is used to indicate that the client does not have permission
+ * to access a specific resource or perform a specific action.
+ * It extends the BaseError class to include a custom error message and a 403 status code.
+ */
+export default class ForbiddenError extends BaseError {
+	/**
+	 * Constructor for ForbiddenError.
+	 * By default, it sets the message to "ForbiddenError" and the HTTP status code to 403.
+	 *
+	 * @param message - Custom error message (optional).
+	 */
+	public constructor(message = "ForbiddenError") {
+		// Pass the message and status code to the BaseError constructor
+		super(message, 403);
+	}
+}

src/errors/UnauthorizedError.ts

@@ -0,0 +1,19 @@
+import BaseError from "./BaseError";
+
+/**
+ * Class representing an UnauthorizedError.
+ * This error is used when authentication is required but has failed or has not been provided.
+ * It extends the BaseError class to include a custom error message and a 401 status code.
+ */
+export default class UnauthorizedError extends BaseError {
+	/**
+	 * Constructor for UnauthorizedError.
+	 * By default, it sets the message to "Unauthorized" and the HTTP status code to 401.
+	 *
+	 * @param message - Custom error message (optional).
+	 */
+	public constructor(message = "Unauthorized") {
+		// Pass the message and status code to the BaseError constructor
+		super(message, 401);
+	}
+}

src/middlewares/authentication.ts

@@ -0,0 +1,55 @@
+import type {
+	Request,
+	Response,
+	NextFunction,
+} from "express";
+import UnauthorizedError from "../errors/UnauthorizedError"; // Import the custom UnauthorizedError class for handling authorization errors
+import { verifyToken } from "../utils/jsonwebtoken"; // Import the utility function to verify JWT tokens
+import ForbiddenError from "../errors/ForbiddenError"; // Import the custom ForbiddenError class for handling access errors
+
+/**
+ * Middleware function for authenticating requests using JWT.
+ * This function checks for the presence of a valid JWT in the Authorization header.
+ *
+ * @param req - The request object.
+ * @param res - The response object.
+ * @param next - The next middleware function to call.
+ */
+export function authentication(
+	req: Request,
+	res: Response,
+	next: NextFunction,
+): void {
+	// Retrieve the Authorization header from the request
+	const authHeader = req.headers["authorization"];
+
+	// Check if the Authorization header is missing
+	if (!authHeader) {
+		// If missing, call the next middleware with an UnauthorizedError
+		return next(
+			new UnauthorizedError(
+				"Authorization header is missing.", // Error message for missing header
+			),
+		);
+	}
+
+	// Extract the token from the Authorization header (format: "Bearer <token>")
+	const token = authHeader.split(" ")[1];
+
+	// Verify the token using the verifyToken utility function
+	const payload = verifyToken(token);
+
+	// Check if the payload is invalid or missing
+	if (!payload) {
+		// If verification fails, call the next middleware with a ForbiddenError
+		return next(
+			new ForbiddenError("Invalid or expired token."), // Error message for invalid/expired token
+		);
+	}
+
+	// Attach the decoded user payload to the request object for later use
+	req.user = payload;
+
+	// Proceed to the next middleware or route handler
+	return next();
+}

src/routes/auth/login.ts

@@ -62,6 +62,7 @@ export async function login(
 
 	// Generate a JWT access token for the authenticated user
 	const accessTokenResult = generateAccessToken({
+		id: user.id,
 		username: user.username,
 	});
 

src/routes/routes.ts

@@ -1,21 +1,23 @@
 import {
-	type Request, // Type for the HTTP request object from Express
-	type Response, // Type for the HTTP response object from Express
-	Router, // Function from Express used to create routers
+	type Request, // Type definition for the HTTP request object from Express.
+	type Response, // Type definition for the HTTP response object from Express.
+	Router, // Function from Express used to create a new router instance.
 } from "express";
-import configuration from "../utils/configuration"; // Import the configuration utility for API versioning
-import getHome from "./homes"; // Import the getHome function to handle the home route
-import register from "./auth/register"; // Import the register function to handle user registration
-import { login } from "./auth/login"; // Import the login function to handle user login
+import configuration from "../utils/configuration"; // Import the configuration utility for accessing application settings, including API versioning.
+import getHome from "./homes"; // Import the getHome function to handle requests to the home route.
+import register from "./auth/register"; // Import the register function for handling user registration requests.
+import { login } from "./auth/login"; // Import the login function for handling user login requests.
+import { authentication } from "../middlewares/authentication"; // Import the authentication middleware to protect routes that require authentication.
+import { profile } from "./users"; // Import the profile function to handle user profile retrieval.
 
 /**
- * Create a new Router instance for defining API routes.
+ * Create a new Router instance to define the API routes.
  */
 const router = Router();
 
 /**
- * Define the base URL for API versioning.
- * The version is fetched from the configuration utility.
+ * Define the base URL for the API, incorporating versioning from the configuration.
+ * The version is fetched dynamically to ensure flexibility during updates.
  */
 const baseURL = `/api/v${configuration.API_VERSION}`;
 
@@ -25,38 +27,50 @@ const baseURL = `/api/v${configuration.API_VERSION}`;
 const authURL = `${baseURL}/auth`;
 
 /**
- * Redirects from the root endpoint to the base API URL.
- * This route handles GET requests to the root ("/") and redirects them to the base URL.
+ * Construct the users URL using the base URL.
+ */
+const usersURL = `${baseURL}/users`;
+
+/**
+ * Redirect from the root endpoint ("/") to the base API URL.
+ * This route handles GET requests to the root and redirects them to the defined base URL.
  *
  * @param req - The HTTP request object.
  * @param res - The HTTP response object.
  * @returns A redirection response to the base URL.
  */
 router.get("/", (req: Request, res: Response) => {
-	return res.redirect(baseURL); // Redirect to the base URL
+	return res.redirect(baseURL); // Redirect to the base API URL.
 });
 
 /**
  * Define the GET route for the base API URL.
- * This route handles GET requests to the base URL and executes the getHome function.
+ * This route handles GET requests to the base URL and executes the getHome function,
+ * which returns relevant home data.
  *
  * @returns A JSON response containing home data.
  */
-router.get(baseURL, getHome); // Handle GET requests to the base URL
+router.get(baseURL, getHome); // Handle GET requests to the base URL.
 
 /**
  * Define the POST route for user registration.
- * This route handles POST requests to the authentication URL for user registration.
+ * This route handles POST requests to the authentication URL for registering new users.
  */
-router.post(`${authURL}/register`, register); // Handle user registration
+router.post(`${authURL}/register`, register); // Handle user registration requests.
 
 /**
  * Define the POST route for user login.
- * This route handles POST requests to the authentication URL for user login.
+ * This route handles POST requests to the authentication URL for user login operations.
+ */
+router.post(`${authURL}/login`, login); // Handle user login requests.
+
+/**
+ * Define the GET route for retrieving the authenticated user's profile.
+ * This route requires authentication middleware to ensure only logged-in users can access it.
  */
-router.post(`${authURL}/login`, login); // Handle user login
+router.get(`${usersURL}/me`, authentication, profile); // Handle GET requests for the authenticated user's profile.
 
 /**
- * Export the router instance for use in other modules.
+ * Export the configured router instance for use in other modules.
  */
-export default router; // Export the configured router instance
+export default router; // Export the router instance for application routing.

src/routes/users.ts

@@ -0,0 +1,46 @@
+import type {
+	Request,
+	Response,
+	NextFunction,
+} from "express"; // Importing necessary types from Express framework.
+import UserController from "../controllers/UserController"; // Importing the UserController to handle user-related operations.
+import NotFoundError from "../errors/NotFoundError"; // Importing a custom error class for handling not found errors.
+import { IDataResponse } from "../types/response"; // Importing the response interface for standardized responses.
+import { IUserDocument } from "../database/models/UserModel"; // Importing the user document interface to define the structure of user data.
+
+/**
+ * Middleware function to retrieve and return the profile information of the authenticated user.
+ * @param req - The Express request object, containing user information in req.user.
+ * @param res - The Express response object used to send back the desired HTTP response.
+ * @param next - The next middleware function in the Express stack to call if an error occurs.
+ * @returns A JSON response containing user data without the password field, or an error if the user is not found.
+ */
+export async function profile(
+	req: Request,
+	res: Response,
+	next: NextFunction,
+): Promise<Response<
+	IDataResponse<Omit<IUserDocument, "password">>
+> | void> {
+	// Attempt to find the user by ID from the authenticated request.
+	const user = await UserController.findUserById(
+		req.user.id,
+	);
+
+	// If the user is not found, call the next middleware with a NotFoundError.
+	if (!user) {
+		return next(new NotFoundError("User Not Found."));
+	}
+
+	// Prepare the response data, excluding the password field for security reasons.
+	const response: IDataResponse<
+		Omit<IUserDocument, "password">
+	> = {
+		message: "User Data", // Message indicating success.
+		status: "success", // Status of the response.
+		data: user, // User data returned in the response.
+	};
+
+	// Send a 200 OK response with the user data in JSON format.
+	return res.status(200).json(response);
+}

src/types/Payload.ts

@@ -1,7 +1,10 @@
-import { IUser } from "../database/models/UserModel"; // Import the IUser interface, representing a user schema from the database
+import mongoose from "mongoose";
 
 /**
  * Type definition for the JWT payload.
  * The payload will contain user data, but the password field is omitted for security reasons.
  */
-export type Payload = Omit<IUser, "password">; // Omit the 'password' field from IUser, as it should not be included in the token
+export type Payload = {
+	id: mongoose.Types.ObjectId;
+	username: string;
+}; // Omit the 'password' field from IUser, as it should not be included in the token

src/types/declare.d.ts

@@ -1,3 +1,5 @@
+import type { Payload } from "./Payload";
+
 /**
  * Augmenting the global NodeJS namespace to include custom environment variable types.
  * This allows TypeScript to understand the structure of the process.env object.
@@ -52,16 +54,34 @@ declare global {
 			 * affecting the time taken to hash a password. Higher values increase security but also the time required.
 			 */
 			SALT_ROUNDS: string;
+
 			/**
-			 * JWT Secret Key
+			 * The secret key used for signing JWT tokens.
+			 * This is a critical value for token security and should be kept secret.
 			 */
 			SECRET_KEY: string;
+
 			/**
-			 * Jwt Access Token EXPIRES_IN
+			 * Defines the expiration time for JWT tokens.
+			 * Typically in a format such as '1h' (1 hour) or '7d' (7 days).
 			 */
 			EXPIRES_IN: string;
 		}
 	}
+
+	/**
+	 * Augmenting the Express namespace to include custom user data in the Request object.
+	 * This allows access to the authenticated user's payload within request handlers.
+	 */
+	namespace Express {
+		interface Request {
+			/**
+			 * The user payload extracted from the JWT token.
+			 * This will be available on the request object after authentication.
+			 */
+			user: Payload;
+		}
+	}
 }
 
 /**

src/utils/jsonwebtoken.ts

@@ -36,3 +36,26 @@ export function generateAccessToken(
 		expiresIn: configuration.EXPIRES_IN, // Expiration time for the token
 	};
 }
+
+/**
+ * Function to verify a JWT token.
+ * This function checks the validity of the token using the secret key and returns the decoded payload.
+ *
+ * @param token - The JWT access token string to be verified.
+ * @returns The decoded payload if the token is valid, otherwise null.
+ */
+export function verifyToken(token: string): Payload | null {
+	try {
+		// Verify the token using the secret key and decode the payload
+		const payload = jwt.verify(
+			token,
+			configuration.SECRET_KEY,
+		);
+
+		// Return the decoded payload casted to the Payload type
+		return payload as Payload;
+	} catch {
+		// Return null if token verification fails
+		return null;
+	}
+}